Grant Rights to Create Users


To allow users to create objects in Active Directory, you need to grant them appropriate permissions with the help of Security Roles. In this tutorial, you will learn how to create a Security Role that will grant users the ability to create user accounts in Active Directory.

Permissions granted by Security Roles are effective only within Adaxes.

  1. Launch Adaxes Administration Console, right-click your Adaxes service, point to New and click Security Role.



    Enter a name for the new Security Role and click Next.

  2. On the Permissions step, click Add.

  3. In the Operations on child objects section, check the Create Child Objects permission in the Allow column.

  4. To allow creation of user accounts only, click Select object types and select the User object type.

    It is a good practice to add the Read permission to all Security Roles. It will ensure that users have the right to view the objects they manage. By default, the rights to view Active Directory objects are granted by built-in Security Role Domain User. It is recommended to add the Read permission because the default rights can be changed.


  5. Click OK. On the Permissions page of the wizard, you will see the permission you have added.


    Click Next.

  6. On the Assignments step, click Add to assign the Security Role to users.

  7. Select the users and groups whom you want to assign the permissions to, and click Next.

  8. Select where in Active Directory you want the selected users to be able to create user accounts.

    Select the following items:

    • All Objects - select to allow users to create user accounts in any Organizational Unit in any domain managed by Adaxes.

    • Specific Domain - select to allow users to create user accounts in any Organizational Unit within a domain.

    • OU or Container - select to allow users to create user accounts in an Organizational Unit or container.

      • To allow creation of user accounts in the selected Organizational Unit only, select The Organizational Unit object.
      • To allow creation of user accounts in the selected Organizational Unit and in the Organizational Units located under it, select Objects located in the Organizational Unit. Select One level to include only the Organizational Units located directly under the selected one.

    When done, click Finish to complete the Assign Role wizard.

  9. Click Finish to complete the Create Security Role wizard.

For information on how to request approval for user creation, see Request Approval for User Creation.



Open tutorial filtering

Got questions?
Support Forum